构建并运行Docker映像作为非root用户
我创建了一个Docker文件并将其作为根用户运行 - 以下是我的Docker文件。以下工作正常,我也可以运行图像。
FROM maven:3.6-jdk-11-slim
WORKDIR /app
COPY . .
RUN mvn clean dependency:go-offline
RUN chmod +x run.sh
ENTRYPOINT ["./run.sh"]
我想将其作为非root用户运行。 run.sh如下所示,
mvn clean spring-boot:run
我试图将dockerfile更改为
FROM maven:3.6-jdk-11-slim
WORKDIR /app
COPY . .
RUN mvn clean dependency:go-offline
RUN groupadd -r -g 2000 mygrp && useradd -u 2000 -r -g mygrp myuser
RUN chown -R myuser:mygrp .
RUN chmod -R 700 run.sh
USER myuser
RUN chmod u+x run.sh
ENTRYPOINT ["./run.sh"]
图像的构建正常,但是当我尝试运行时 - 这是错误
[ERROR] Could not create local repository at /home/myuser/.m2/repository -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/LocalRepositoryNotAccessibleException
I have created a docker file and running it as a root user -
Following is my docker file. The below works fine and I can run the image as well.
FROM maven:3.6-jdk-11-slim
WORKDIR /app
COPY . .
RUN mvn clean dependency:go-offline
RUN chmod +x run.sh
ENTRYPOINT ["./run.sh"]
I want to run it as non-root user.
The run.sh is as follows
mvn clean spring-boot:run
I tried to change the dockerfile to
FROM maven:3.6-jdk-11-slim
WORKDIR /app
COPY . .
RUN mvn clean dependency:go-offline
RUN groupadd -r -g 2000 mygrp && useradd -u 2000 -r -g mygrp myuser
RUN chown -R myuser:mygrp .
RUN chmod -R 700 run.sh
USER myuser
RUN chmod u+x run.sh
ENTRYPOINT ["./run.sh"]
The images builds fine but when I try to run -
this is the error
[ERROR] Could not create local repository at /home/myuser/.m2/repository -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/LocalRepositoryNotAccessibleException
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可能需要更新
groupAdd指令。替换:
运行GroupAdd -R -G 2000 mygrp&& UserAdd -U 2000 -R -G mygrp myuser在Dockerfile中使用:
运行groupadd -r -g 2000 mygrp&amp&& USERADD -M -D/HOME/MYUSER/-S/BIN/BASH -U 2000 -R -G MYGRP MYGRP MYUSERtl; dr
从错误消息中
Myuser无法创建本地存储库。这是因为当您使用userAdd命令创建新用户时,它没有为该用户创建主目录。因此,首先缺少/home/myuser目录。-muserAdd命令中的选项将创建主目录(如果不存在),并且-s选项选项设置了登录Shell上的主目录。参考: https://unix.stackexchange.com/a/182324/5222304
You might need to update the
groupaddinstruction.Replace:
RUN groupadd -r -g 2000 mygrp && useradd -u 2000 -r -g mygrp myuserWith this in the Dockerfile:
RUN groupadd -r -g 2000 mygrp && useradd -m -d /home/myuser/ -s /bin/bash -u 2000 -r -g mygrp myuserTL;DR
From the error message, it is quite clear that the
myuserwas unable to create a local repository. This is because when you created the new user using theuseraddcommand, it did not create the home directory for that user. Hence the/home/myuserdirectory was missing in the first place.-moption in theuseraddcommand will create the home directory if not present and-soption sets the home directory on the login shell.Ref: https://unix.stackexchange.com/a/182324/522304